SIFMA released the following statement from Kenneth Bentsen, SIFMA president and CEO, upon completion of SIFMA’s November 7 global industry-wide Quantum Dawn V cybersecurity exercise. SIFMA, in its crisis coordination role, led the exercise, which included participants from SIFMA, AFME and ASIFMA member firms.
“There is likely no greater threat to financial stability than a large-scale cyber incident. Quantum Dawn V simulated a low-probability, high-impact event, which is something the industry must prepare for just as we do for other possible crisis events. Building on our previous Quantum Dawn events, this year we made the exercise global.
“Quantum Dawn V enabled key public and private bodies around the globe to practice coordination and to exercise incident response protocols, both internally, and externally, to maintain smooth functioning of the financial markets when faced with a series of sector-wide global cyberattacks.
“The exercise was carried out with over 600 individuals from over 180 financial institutions and government agencies around the globe—including participants from Australia, Canada, Europe, Hong Kong, India, Malaysia, Japan, Singapore, and the US. Quantum Dawn V was a unified exercise designed to build global response and recovery capabilities, with a significant focus on communication and coordination of roles and responsibilities to ensure we are connected at a global level.
“A clear takeaway from the exercise is the importance of a robust partnership between the industry and government grounded in information sharing. No single actor – not the government, nor any individual firm – has the resources to protect markets from cyber threats on their own, nor do cyber incidents restrict themselves to one geographic region. That’s why the communication aspect was essential to the exercise’s success.
“SIFMA also notes that the exercise underscores the increasing frequency and sophistication of cyberattacks, and the critical need for an effective allocation of cybersecurity resources at financial institutions. The financial services industry is a top target, facing tens of thousands of cyberattacks each day. Enhanced harmonization of regulatory standards and supervision, to reduce the amount of duplicative or redundant rules, would help enable firms to devote more resources to security and better protect investors.
“Cybersecurity is truly an issue where the interests of the industry and public sector are fully aligned. SIFMA and our members are constantly working to improve cyber defenses, resiliency and recovery through massive monetary investment in technology and personnel, regular training, industry exercises, and close coordination between the financial sector and the government, including our regulators. Best practices are developed and refined regarding penetration testing, insider threats, third-party risks, and secure data storage and recovery. Lessons learned from Quantum Dawn V will help shape these initiatives as we constantly work to get better.”
SIFMA will now work with California-headquartered consulting firm Protiviti to analyze participant feedback and produce a public after-action report with key observations and recommendations for enhancing the financial services sector’s ability to respond to a global cyber event.